For $75 this holiday season, you can chat with Barbie, playing games, sharing jokes, and opening yourself up to a personal data breach. Wait, what?

Mattel's Wi-Fi-connected "Hello Barbie" boasts some of the same features as your mobile virtual assistant—she talks, stores data in the cloud, and gets to know you over time. But according to a report from security firm Bluebox Labs and researcher Andrew Hay, the famous blonde also poses a security risk for children and parents.

Never one to leave home without accessories, Hello Barbie comes with a free companion app for Android and iOS. Users must log in with a ToyTalk account to activate conversational features. But Bluebox discovered several issues, most notably that the apps connect to any wireless network with the word "Barbie" in the name.

That means anyone within range of your Wi-Fi-enabled figure could create a fake network and tap into your saved data and recordings.

"For any connected device, strong security must take into account not just the device itself, but the full scope of apps and infrastructure associated with it," said Andrew Blaich, lead security analyst at Bluebox.

"As a leader in the toy industry for more than 70 years, Mattel is committed to safety and security when bringing new products to market," a company spokeswoman told PCMag.

"It is important to note that in all claims we know about, no children's audio files were accessed, no passwords were compromised, no personal information was disclosed and no dolls were made to say anything unintended," she continued.

Technology partner ToyTalk last week addressed public concerns, saying that "we are not aware of anyone who has been able to access your Wi-Fi passwords or your kid's audio data."

"Mattel and ToyTalk have invested a lot of effort to build the safest experience possible for parents and their children," ToyTalk CTO Martin Reddy wrote in a blog post. "As part of that commitment, we are actively engaging the security community to address any concerns."

In fact, Bluebox said a number of issues were resolved ahead of publication of its research. And for those that weren't, ToyTalk has initiated a security bug bounty program to keep Hello Barbie, and her friends, safe from prying eyes.

This wasn't the first complaint about Mattel's new talkative doll, which was introduced in February. In March, the Campaign for a Commercial-Free Childhood (CCFC) issued a petition to stop the toy from hitting shelves. The group was concerned about Barbie probing children about their interests, families, or location, not to mention the possibility of her being reprogrammed with inappropriate replies, or switched to an always-on mode.

About the Author

Stephanie joined PCMag in May 2012, moving to New York City from Frederick, Md., where she worked for four years as a multimedia reporter at the second-largest daily newspaper in Maryland. She interned at Baltimore magazine and graduated from Indiana University of Pennsylvania (in the town of Indiana, in the state of Pennsylvania) with a degree in ...
